Is there a way to encrypt Syslog traffic using TLS like syslog-ng or rsyslog do? I'm trying to avoid having to set up syslog-ng or rsyslog on the Sumo Logic Collector box in order to receive the encrypted Syslog traffic and forward it to the Sumo Logic Collector. 


Unfortunately, the Collector does not currently support receiving TLS syslog data directly with a Syslog Source. You need to set up an intermediary service to receive the TLS data and then forward the plain text to the Source. An alternative to using syslog-ng or rsyslog for this is to use stunnel. As described on, "Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code."

Downloaded from Or on CentOS/RedHat, you can also run the following command to install stunnel:

> yum install stunnel

 Once installed, generate a key/cert on the host, and then use a stunnel config similar to the following to proxy the syslog data:

cert = /etc/stunnel/stunnel.pem 
sslVersion = SSLv3 
chroot = /var/run/stunnel/ 
setuid = nobody 
setgid = nobody 
pid = / 
socket = l:TCP_NODELAY=1 
socket = r:TCP_NODELAY=1 
output = stunnel.log 
client = no 
accept = 1543 
connect = 1514

 In this example, we're listening for incoming TLS connections on the host port 1543/TCP ("accept = 1543"). Then this forwards the plain text data to port 1514/TCP, ("connect = 1514") or the port defined in the Collector Syslog config, via the loop back.

For complete instructions, see Configure a Syslog Source.  

Find more information on Stunnel and its available configuration options, see: